Date: Thu, 24 May 2012 11:49:06 +0000 From: gpf@FreeBSD.org To: svn-soc-all@FreeBSD.org Subject: socsvn commit: r236273 - soc2012/gpf/pefs_kmod/sbin/pefs Message-ID: <20120524114906.F05D0106564A@hub.freebsd.org>
Author: gpf Date: Thu May 24 11:49:06 2012 New Revision: 236273 URL: http://svnweb.FreeBSD.org/socsvn/?view=rev&rev=236273 Log: Revert back to requiring a mounted pefs fs for pefs addchecksum. ioctl()s will be used to retrieve filename MAC & ciphertext 4k blocks from kernel. The only problem now is that .pefs.checksum is written into mounted fs, therefore: a) encrypted filename for .pefs.checksum b) encrypted content. A simple solution would be to create .pefs.checksum outside of fs and then require user to copy the file by hand. Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Thu May 24 10:59:48 2012 (r236272)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_checksum.c Thu May 24 11:49:06 2012 (r236273)
@@ -235,7 +235,6 @@
 }
 bucketp->nelements++;
- /* XXXgpf: Turn them into void */
 return (0);
 }
@@ -368,18 +367,26 @@
 * the checksum file.
 * A) The total sum of entries is gathered so that a hash table is allocated.
 * B) For each file entry:
- * B1) the file_id is retrieved.
- * B2) list of checksums is computed for the file's 4k blocks.
- * B3) file entry is added to hash table. (separate chaining is used)
+ * B1) semantic checks: file should reside in pefs filesystem &
+ * file should be regular file
+ * B2) the file_id is retrieved.
+ * B3) list of checksums is computed for the file's 4k blocks.
+ * B4) file entry is added to hash table. (separate chaining is used)
 */
 static int
 pefs_create_in_memory_db(FILE *fpin, const EVP_MD *md, uint8_t hash_len,
- struct hash_table *checksum_hash_tablep)
+ struct hash_table *checksum_hash_tablep, char *fsroot)
 {
+ struct statfs fs;
 struct file_header *fhp;
 int error;
 uint32_t nfiles;
+ if (statfs(fsroot, &fs) == -1) {
+ pefs_warn("statfs failed: %s: %s", fsroot, strerror(errno));
+ return (PEFS_ERR_SYS);
+ }
+
 error = pefs_count_file_entries(fpin, &nfiles);
 if (error != 0)
 return (error);
@@ -389,19 +396,21 @@
 return (error);
 while((fhp = pefs_next_file(fpin, &error)) != NULL) {
- /* XXXgpf: Semantic checks are now performed by addchecklist command */
+ error = pefs_file_semantic_checks(fhp, &fs);
+ if (error != 0)
+ return (error);
 error = pefs_get_file_id(fhp);
 if (error != 0)
- return error;
+ return (error);
 error = pefs_compute_file_checksums(fhp, md, hash_len);
 if (error != 0)
- return error;
+ return (error);
 error = pefs_add_to_hash_table(checksum_hash_tablep, fhp);
 if (error != 0)
- return error;
+ return (error);
 }
 pefs_print_hash_table(checksum_hash_tablep, hash_len);
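Review bot: In pefs_create_in_memory_db() the new `fsroot` parameter is only read, by statfs() and by the warning, so it should be declared `const char *fsroot`. The statfs() result becomes the reference that every listed file is compared against in the loop further down, yet nothing visible here confirms that the path is actually a pefs mount. If that guarantee comes from the caller, the header comment should say so, e.g. `fsroot must already have been validated by the caller as a mounted pefs filesystem`. The function body continues past the end of this hunk.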
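Review bot: The three early `return (error);` paths ahead of pefs_add_to_hash_table() leave the loop while `fhp` is not yet owned by the hash table. If pefs_next_file() allocates each entry (its definition is outside the hunk), that entry is lost on a failed semantic check, file-id lookup or checksum computation; releasing it on those paths, or breaking out to one cleanup point, would keep ownership clear. Separately, the check and the two later steps each receive only `fhp`; if they resolve the file by path independently, the file that passed the check is not guaranteed to be the file that gets hashed, and carrying one open descriptor through all three would close that window. The while loop is complete in this hunk, but the enclosing function is not.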
@@ -623,6 +632,10 @@
 hash_len = EVP_MD_size(md);
 snprintf(checksum_path, sizeof(checksum_path), "%s/%s", fsroot, PEFS_FILE_CHECKSUM);
+ /*
+ * XXXgpf: If pefs fs is mounted when .pefs.checksum is created, then it will obtain an
+ * encrypted filename. It's not a bug, it's a feature!
+ */
 fdout = open(checksum_path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
 if (fdout == -1) {
 warn("cannot open %s", checksum_path);
@@ -630,7 +643,7 @@
 }
 error = pefs_create_in_memory_db(fpin, md, hash_len,
- &checksum_hash_table);
+ &checksum_hash_table, fsroot);
 if (error != 0)
 goto out;
Modified: soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c
==============================================================================
--- soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Thu May 24 10:59:48 2012 (r236272)
+++ soc2012/gpf/pefs_kmod/sbin/pefs/pefs_ctl.c Thu May 24 11:49:06 2012 (r236273)
@@ -1072,11 +1072,7 @@
 return (PEFS_ERR_USAGE);
 }
- /* XXXgpf: [TODO] probably check that fsroot is not mounted */
- if (!checkargs_fs(argc, argv))
- pefs_usage();
-
- strlcpy(fsroot, argv[0], sizeof(fsroot));
+ initfsroot(argc, argv, 0, fsroot, sizeof(fsroot));
 error = pefs_create_checksum_file(fpin, fsroot, algo);
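Review bot: The comment added above the open() of the checksum file in pefs_checksum.c contradicts the commit log, which names the encrypted file name and encrypted content of .pefs.checksum as the open problem of this revision. It should state the consequence and the intended remedy instead, for example `XXXgpf: created through the mounted fs, so both the name and the content of .pefs.checksum end up encrypted; create it outside the fs instead`. The first comment line also runs past 80 columns. The enclosing function starts and ends outside the hunk.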
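Review bot: In pefs_ctl.c the result of `initfsroot(argc, argv, 0, fsroot, sizeof(fsroot));` is discarded and `fsroot` is passed straight on to pefs_create_checksum_file(). initfsroot() is defined outside this hunk; if it reports a bad or unmounted path through its return value rather than by exiting, the checksum file would be built from an unset buffer. Either check it, `error = initfsroot(argc, argv, 0, fsroot, sizeof(fsroot));` followed by `if (error != 0) return (error);`, or add a one-line comment that it does not return on failure. The removed TODO asked for the opposite condition (fsroot not mounted), so a short comment stating that a mounted pefs filesystem is now required would also help the next reader.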